<?php
use Phalcon\Acl;
use Phalcon\Events\Event;
use Phalcon\Mvc\User\Plugin;
use Phalcon\Mvc\Dispatcher;

class SecurityPlugin extends Plugin
{
   public function beforeExecuteRoute(Event $event, Dispatcher $dispatcher)
   {
       $auth = $this->session->get('auth');
       if(!$auth){
           $role = 'Guests';
       }else{
           $role = 'Users';
       }

       $controller = $dispatcher->getControllerName();
       $action = $dispatcher->getActionName();

       $acl = $this->getAcl();

       $allowed = $acl->isAllowed($role, $controller, $action);
       if($allowed != Acl::ALLOW){
           $this->flash->error("");
           $dispatcher->forward(
               array(
                   'controller' => 'index',
                   'action' => 'index'
               )
           );

           return false;
       }
   }
}

